PT-2025-8108 · Linux+4 · Linux Kernel+4

Published

2022-11-15

Updated

2025-09-29

CVE-2022-49180

CVSS v3.1

5.5

Medium

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description A general protection fault issue in the Linux kernel's LSM (Linux Security Modules) has been identified. The problem arises from the interaction between security modules and the handling of input parameters. Specifically, the Smack security module correctly processes its data and returns 0, but a subsequent BPF hook returns an error code (-ENOPARAM), causing confusion for the caller. Additionally, the SELinux hook incorrectly returns 1 on success, whereas it should return 0. This discrepancy is due to a change in expectations over time.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

ALSA-2025_16880

CESA-2023_7077

CVE-2022-49180

RHSA-2022:8267

RHSA-2022_8267

RHSA-2023:7077

RHSA-2023_7077

SUSE-SU-2025:1027-1

SUSE-SU-2025:1176-1

SUSE-SU-2025:1183-1

SUSE-SU-2025:1241-1

SUSE-SU-2025_1027-1

SUSE-SU-2025_1241-1

Affected Products

Astra Linux

Centos

Linux Kernel

Red Hat

Suse

PT-2025-8108 · Linux+4 · Linux Kernel+4

CVE-2022-49180

Related Identifiers

Affected Products

References · 1331